Today’s scan showed what I believe is a false positive. It’s in the system recovery partition from HP. It’s Vista 64-bit. I’ve got the free Avast version 5.0.677. Here is the log entry for today:
avast! Scan Report
This file is generated automatically
Scan name: Full system scan
Started on: Saturday, February 05, 2011 11:25:27 AM
VPS: 110205-0, 02/05/2011
E:\hp\Drv\APP10373\src\KbdStub.exe [L] Win32:Malware-gen (0)
Infected files: 1
Total files: 304849
Total folders: 26160
Total size: 349.9 GB
Scan stopped: Saturday, February 05, 2011 11:41:46 AM
A forum search for KbdStub.exe would have found a report on this already, but this should have been in the Viruses and Worms forum.
The log won’t help; what will is the file sample.
Send the sample to avast as a False Positive:
Open the chest, right-click on the file and select ‘Submit to virus lab…’, then complete the form and submit. The file will be uploaded during the next update.
I sent the file from the chest. I looked by topic and didn’t see the other post; I thought it was recent but must have missed it. I finally got it zipped. I checked on Jotti and there was only 1 positive, VBS antivirus. VirusTotal must be backed up; after 45 min it’s still in the queue.
Joe
Jotti isn’t as good as VirusTotal, as basically it is using Linux versions of the scanners and there are fewer of them. VirusTotal is using Windows versions and there are currently 43 different scanners.
So I tend to think it is worth the wait.
If you send the file from the chest there is no need to zip the file and email it, that is just another method.
Well, GData uses avast as one of its two scanners, so if it uses the same malware name, that is one; the other two scanners, especially Jiangmin, I’ve never heard of.
All taken care of. I received an actual email from Jiri Sejtko confirming it was a false positive and that it would be fixed in today’s update. Quite pleasant considering most companies use the canned replies if they even bother at all. Back when I was slipstreaming XP I sent programs and apps that I knew to be safe but detected as a virus with the appropriate links and they were usually fixed in a day or two. It’s pretty rare to deal with a company today that actually does care about their customers.
Joe
It has been said many times by avast: they won’t do that, as it gives a single-click exclusion which would allow you to run the file (which avast considers infected). If it isn’t an FP, or if accidentally used on a virus/worm/malware file, it could leave the user’s system beyond the user’s control and infected.
That is why the addition to exclusions is a deliberate manual act.